openclaw-gitbak
Backup/restore OpenClaw config and workspace via git.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 19 · 0 current installs · 0 all-time installs
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is intended to back up ~/.openclaw data via git, and the scripts do perform that. However the package metadata declares no required binaries or credentials while the scripts plainly call git and expect SSH access to push/pull. The config hardcodes GIT_HOST and GIT_ORG (gitee.com / burnlife) which is unexpected for a personal backup tool and could cause accidental pushes/pulls to an external org if the user doesn't edit config.sh.
Instruction Scope
SKILL.md describes how to run the included scripts and points at the config, which is fine, but the scripts copy the skill's .gitignore into target repos on initialization. That .gitignore explicitly excludes 'workspace' and 'workspace-coder' — exactly the items in the BACKUP_ITEMS list — so initial backups may omit the very directories the skill advertises. The scripts also run git init/commit/push in user directories (modifying the user's filesystem) without safety checks and perform forced pushes (-f).
Install Mechanism
There is no remote install artifact or download; this is an instruction-only skill with included shell scripts. That reduces supply-chain risk. No external archives or installers are fetched.
Credentials
The skill declares no required environment variables, yet the scripts require a working git binary and SSH credentials (implicit via git@... URLs). The hardcoded remote host/org means the user must edit config.sh to point to their own repos, otherwise backups attempt to use someone else's namespace. The scripts do not request or document SSH key usage or alternative credential methods.
Persistence & Privilege
The skill is not always-enabled and does not change other skills or global agent settings. It does create .git metadata and modify the target directories (init, commit, push), which is expected for a backup tool but is elevated filesystem activity that the user should explicitly permit.
What to consider before installing
Before installing or running:
1) Review and edit scripts/config.sh to point to your own GIT_HOST, GIT_ORG, and GIT_BRANCH — do NOT leave the default 'burnlife' org.
2) Ensure git is installed and you have appropriate SSH or other git credentials; the scripts use git@... SSH URLs but the skill declares no credential requirements.
3) Inspect .gitignore in the skill: it currently excludes 'workspace' and 'workspace-coder', which will prevent those directories from being committed if copied into your repo — remove or adjust those lines if you intend to back up those directories.
4) Back up the target directories manually before first run; the scripts will initialize .git and perform forced pushes (-f), which can overwrite remote history.
5) Consider removing the force flag or adding explicit prompts/validation to avoid accidental data loss or unintended pushes to a remote you don't control.
6) If you cannot verify the remote repos or do not want your OpenClaw data uploaded elsewhere, do not run these scripts.
If you want this skill to be safer, request that the maintainer add declared dependencies (git), document required credentials, and avoid unsafe defaults (hardcoded org, -f pushes, and a .gitignore that excludes claimed backup items).
Like a lobster shell, security has layers — review code before you run it.
Current version: v1.0.0
SKILL.md
OpenClaw Git Backup/Restore
Backup: skill openclaw-gitbak backup [cfg|workspace|workspace-coder|all] [commitmsg]
Restore: skill openclaw-gitbak restore [cfg|workspace|workspace-coder|all]
Scripts: ~/.openclaw/skills/openclaw-gitbak/scripts/
Config: edit ~/.openclaw/skills/openclaw-gitbak/scripts/config.sh
Format: BACKUP_ITEMS["key"]="local_path:repo_name:description"
